2011-03-09 12:28:00| 分类: Linux Support | 标签: |举报 |字号大中小 订阅
一、安装
#yum install snmp-*
二、snmp.conf文件介绍 (/etc/snmp/snmp.conf)
1.常用配置
community名字都不变,组名字也不变。只加个view的范围,给他配置个权限。
| name | incl/excl | subtree | mask(optional) | |
| view | all | included | .1 | 80 |
view all included .1 80
access notConfigGroup "" any noauth exact systemview none none 改为
access notConfigGroup "" any noauth exact all none none
2.详解
# sec.name source community
com2sec notConfigUser default public
#定义community名称为 public,映射到安全名 notConfigUser。
# groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
#定义安全用户名notConfigUser映射到notConfigGroup组。
# Third, create a view for us to let the group have rights to:
#定义一个view,来决定notConfigUser可以操作的范围。
# Make at least snmpwalk -v 1 localhost -c public system fast again.
#定义可查看的snmp的范围。
# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
# Finally, grant the group read-only access to the systemview view.
#给notConfigGroup组所定义view名 all 以只读权限
#access MyROGroup "" any noauth 0 all none none
3 配置步骤
1)首选是定义一个共同体名(community),
这里是public,及可以访问这个public的用户名(sec name),这里是notConfigUser。Public相当于用户notConfigUser的密码:)
# sec.name source community
com2sec notConfigUser default public
2)定义一个组名(groupName)
这里是notConfigGroup,及组的安全级别,把notConfigGroup这个用户加到这个组中。
groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
3)定义一个可操作的范围(view)名
这里是all,范围是 .1
# name incl/excl subtree mask(optional)
view all included .1
4)定义notConfigUser这个组在all这个view范围内可做的操作,这时定义了notConfigUser组的成员可对.1这个范围做只读操作。
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact all none none
ok,这样我们的snmpd.conf文件就基本配成了
启动/关闭 重启:/etc/init.d/snmpd start/stop/restart
关闭进程:ps aux |grep snmp |grep -v grep |awk '{print $2}' |xargs kill
常见问题
错误1:
# snmpwalk -v 1 -c public localhost system
Cannot find module (IP-MIB): At line 0 in (none)
Cannot find module (IF-MIB): At line 0 in (none)
...
Cannot find module (SNMPv2-TM): At line 0 in (none)
system: Unknown Object Identifier (Sub-id not found: (top) -> system)
错误2:
qu@ubuntu:~$ snmpwalk -v 2c -c public 192.168.4.12
Timeout: No Response from 192.168.4.12
dunkel
>
> The original problem was:
> "However if I run "snmpwalk -v 1 -c public 192.168.1.36 system" on the
> stable box, with 192.168.1.36 the IP address of the testing box, i get:
> Timeout: No Response from 192.168.1.36
>
> snmpd is up and running, I can ping both ways, there are no firewalls
> in place. What could be wrong?"
>
> The solution is:
> open snmpd.conf with your favourite editor and
> add these 2 lines:
> interface eth0
> agentaddress [ip address of your host]:[listening port - 161 is the default]
错误3:
sarge:/# snmpwalk -v 2c -c public localhost
Timeout: No Response from localhost
错误排除:
步骤1:
sarge:/# snmpd -f -Le
屏幕显示(net-snmpd的log文件中是同样内容)
Warning: no access control information configured.
It is unlikely this agent can serve any useful purpose in this state.
Run "snmpconf -g basic_setup" to help you configure the snmpd.conf file for this agent.
Error opening specified endpoint "udp:161"
Server Exiting with code 1
新建目录
拷贝现有snmpd.conf 到/root/.snmp/snmpd.conf
步骤2:
snmpd -f -Le -Dread_config
读配置文件,开头显示了默认的配置文件的路径。
sarge:/# snmpd -f -Le -Dread_config
read_config: reading premib configuration tokens
read_config: config path used: /nfsroot/cq8401/bin/net-snmp/etc/snmp:/nfsroot/cq8401/bin/net-snmp/sh
are/snmp:/nfsroot/cq8401/bin/net-snmp/lib/snmp:/root/.snmp:/var/net-snmp
中间显示了配置文件的内容。
首先查看在默认配置文件的路径中是否有你的配置文件。
如果有,再在配置文件中配置权限。
小技巧:可以使用snmpd -f -Le -Dread_config 命令来查看日志文件信息,排错。
snmpd命令的有用选项:
-c FILE 指定文件为配置文件
-C 不读取默认的配置文件
-d dump接收和发送SNMP数据包
-D TOKEN 对于给定的TOKEN(标志)打开调试信息 ( -Dmib_init)
-I [-]INITLIST 对于要初始化的MIB列表显示
-M DIRLIST 指定MIB库的路径
-V 显示详细信息
-Le 把错误信息输出到日志中
-Lf FILE 把错误信息输出到指定文件中
-m MIBLIST use MIBLIST instead of the default MIB list
也许在执行第四不步make后,过了一会儿程序退出,并提示一下错误:
Grep /usr/lib/libbeecrypt.la: No such file or directory
/bin/sed: can't read /usr/lib/libbeecrypt.la: No such file or directory
libtool: link: `/usr/lib/libbeecrypt.la' is not a valid libtool archive
make[1]: *** [libnetsnmpmibs.la] Error 1
make[1]:Leavingdirectory /email/share/ceno_soft/net-snmp-5.4.1/agent'
make: *** [subdirs] Error 1
解决方法
说明缺少libbeecrypt.la ,libbeecrypt.so等共享库
如果确认系统中有libbeecrypt.la,也许他安装在/usr/local下面,可尝试:
ln -s /usr/local/lib/libbeecrypt.la /usr/lib/libbeecrypt.la
如果/usr/local下面没有,那么你必须安装beecrypt
下载路径http://nchc.dl.sourceforge.net/sourceforge/beecrypt/beecrypt-4.1.2.tar.gz
解压并安装到/usr目录下:
tar -zxvf beecrypt-4.1.2.tar.gz
./configure -prefix=/usr
#默认是安装在/usr/local,我们需要安装在/usr目录下。如果没有加这个参数需要做连接
ln -s /usr/local/lib/libbeecrypt.la /usr/lib/libbeecrypt.la
编译并安装beecrypt库,先执行make编译源码包文件编译成功后执行安装命令make install,其命令如下:
#make
#make install
好,beecrypt安装完成后,我们继续NET-SNMP的编译,执行一下make 命令。
当我们继续make的时候,第一个错消逝了,但不幸的是出现了一个新的错误,错误提示如下:rpath -Wl,/usr/local/lib
/usr/bin/ld: cannot find –lelf
collect2: ld returned 1 exit status
make[1]: *** [snmpd] Error 1 make[1]: Leaving directory `/local/akazam/cacti/bak/net-snmp-5.4.2/agent'
make: *** [subdirs] Error 1
ke[1]: Leaving directory `/local/akazam/cacti/bak/net-snmp-5.4.2/agent
make: *** [subdirs] Error 1
解决方法
执行命令: ln -s /usr/lib/libelf.so.1 /usr/lib/libelf.so
评论